a8dbfd6731e50375bd05ecc3b2459865bf4487592907d459c616757640345b85

General

Target

36050fb6c8440bbb68171a4c6b1f35f0_NeikiAnalytics.exe
Size

83KB
MD5

36050fb6c8440bbb68171a4c6b1f35f0
SHA1

c0a08e56b5b7a4ab83cf1ab56bc0fa37e9f18f35
SHA256

a8dbfd6731e50375bd05ecc3b2459865bf4487592907d459c616757640345b85
SHA512

abad6b2e01aa99ee4094a9a189e4a6304627a56584b108fd0836a03810d49c693058bce46c9b2b3567869a5f617f4cb690352be061280f251e1ede3691e7de0b
SSDEEP

1536:W7ZDpApYbWjIlE77ufL2e+efZwZavl0J0q:6DWpwE7oL2e+efZwZGCf

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5035) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

36050fb6c8440bbb68171a4c6b1f35f0_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\Microsoft Office\root\Office16\1033\PPINTL.DLL.tmp	36050fb6c8440bbb68171a4c6b1f35f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Data.ConnectionUI.dll.tmp	36050fb6c8440bbb68171a4c6b1f35f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Data.Recommendation.Client.Core.dll.tmp	36050fb6c8440bbb68171a4c6b1f35f0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\VSTO\vstoee100.tlb.tmp	36050fb6c8440bbb68171a4c6b1f35f0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msaddsr.dll.mui.tmp	36050fb6c8440bbb68171a4c6b1f35f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\UIAutomationTypes.resources.dll.tmp	36050fb6c8440bbb68171a4c6b1f35f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-stdio-l1-1-0.dll.tmp	36050fb6c8440bbb68171a4c6b1f35f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\images\cursors\win32_LinkDrop32x32.gif.tmp	36050fb6c8440bbb68171a4c6b1f35f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdO365R_Subscription-ppd.xrm-ms.tmp	36050fb6c8440bbb68171a4c6b1f35f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\ZeroByteFile.tmp	36050fb6c8440bbb68171a4c6b1f35f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\de\WindowsFormsIntegration.resources.dll.tmp	36050fb6c8440bbb68171a4c6b1f35f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Access2019R_Grace-ppd.xrm-ms.tmp	36050fb6c8440bbb68171a4c6b1f35f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Grace-ppd.xrm-ms.tmp	36050fb6c8440bbb68171a4c6b1f35f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp4-ul-oob.xrm-ms.tmp	36050fb6c8440bbb68171a4c6b1f35f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription2-pl.xrm-ms.tmp	36050fb6c8440bbb68171a4c6b1f35f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.Compression.Native.dll.tmp	36050fb6c8440bbb68171a4c6b1f35f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Resources.Extensions.dll.tmp	36050fb6c8440bbb68171a4c6b1f35f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_SubTrial5-ppd.xrm-ms.tmp	36050fb6c8440bbb68171a4c6b1f35f0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\mn.txt.tmp	36050fb6c8440bbb68171a4c6b1f35f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\System.Xaml.resources.dll.tmp	36050fb6c8440bbb68171a4c6b1f35f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\java.dll.tmp	36050fb6c8440bbb68171a4c6b1f35f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\relaxngdatatype.md.tmp	36050fb6c8440bbb68171a4c6b1f35f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019XC2RVL_KMS_ClientC2R-ul.xrm-ms.tmp	36050fb6c8440bbb68171a4c6b1f35f0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\mng2.txt.tmp	36050fb6c8440bbb68171a4c6b1f35f0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\ShapeCollector.exe.mui.tmp	36050fb6c8440bbb68171a4c6b1f35f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\Microsoft.VisualBasic.Forms.resources.dll.tmp	36050fb6c8440bbb68171a4c6b1f35f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\msvcp140_2.dll.tmp	36050fb6c8440bbb68171a4c6b1f35f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OFFSYMK.TTF.tmp	36050fb6c8440bbb68171a4c6b1f35f0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe.tmp	36050fb6c8440bbb68171a4c6b1f35f0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\msador28.tlb.tmp	36050fb6c8440bbb68171a4c6b1f35f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\WindowsBase.resources.dll.tmp	36050fb6c8440bbb68171a4c6b1f35f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\legal\javafx\directshow.md.tmp	36050fb6c8440bbb68171a4c6b1f35f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp3-pl.xrm-ms.tmp	36050fb6c8440bbb68171a4c6b1f35f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PROOF\msth8ES.DLL.tmp	36050fb6c8440bbb68171a4c6b1f35f0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\sv-SE\tipresx.dll.mui.tmp	36050fb6c8440bbb68171a4c6b1f35f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\de\System.Windows.Forms.Primitives.resources.dll.tmp	36050fb6c8440bbb68171a4c6b1f35f0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\vi.pak.tmp	36050fb6c8440bbb68171a4c6b1f35f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\EntityPicker.dll.tmp	36050fb6c8440bbb68171a4c6b1f35f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogo.contrast-white_scale-180.png.tmp	36050fb6c8440bbb68171a4c6b1f35f0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ar-SA\tipresx.dll.mui.tmp	36050fb6c8440bbb68171a4c6b1f35f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Text.Encodings.Web.dll.tmp	36050fb6c8440bbb68171a4c6b1f35f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-file-l2-1-0.dll.tmp	36050fb6c8440bbb68171a4c6b1f35f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProXC2RVL_MAKC2R-ul-oob.xrm-ms.tmp	36050fb6c8440bbb68171a4c6b1f35f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\policytool.exe.tmp	36050fb6c8440bbb68171a4c6b1f35f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\javafx\libffi.md.tmp	36050fb6c8440bbb68171a4c6b1f35f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Aspect.xml.tmp	36050fb6c8440bbb68171a4c6b1f35f0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskclearui.xml.tmp	36050fb6c8440bbb68171a4c6b1f35f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\Microsoft.DiaSymReader.Native.amd64.dll.tmp	36050fb6c8440bbb68171a4c6b1f35f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Globalization.dll.tmp	36050fb6c8440bbb68171a4c6b1f35f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Resources.Reader.dll.tmp	36050fb6c8440bbb68171a4c6b1f35f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\UIAutomationTypes.resources.dll.tmp	36050fb6c8440bbb68171a4c6b1f35f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PersonalR_OEM_Perp-ppd.xrm-ms.tmp	36050fb6c8440bbb68171a4c6b1f35f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\msvcr120.dll.tmp	36050fb6c8440bbb68171a4c6b1f35f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019MSDNR_Retail-ul-phn.xrm-ms.tmp	36050fb6c8440bbb68171a4c6b1f35f0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdatl3.dll.tmp	36050fb6c8440bbb68171a4c6b1f35f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Xml.XPath.dll.tmp	36050fb6c8440bbb68171a4c6b1f35f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\sk\msipc.dll.mui.tmp	36050fb6c8440bbb68171a4c6b1f35f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN048.XML.tmp	36050fb6c8440bbb68171a4c6b1f35f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Client\api-ms-win-crt-utility-l1-1-0.dll.tmp	36050fb6c8440bbb68171a4c6b1f35f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_OEM_Perp-pl.xrm-ms.tmp	36050fb6c8440bbb68171a4c6b1f35f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\NewComment.White.png.tmp	36050fb6c8440bbb68171a4c6b1f35f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\cryptix.md.tmp	36050fb6c8440bbb68171a4c6b1f35f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Client\api-ms-win-core-synch-l1-2-0.dll.tmp	36050fb6c8440bbb68171a4c6b1f35f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\AccessR_Grace-ul-oob.xrm-ms.tmp	36050fb6c8440bbb68171a4c6b1f35f0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\36050fb6c8440bbb68171a4c6b1f35f0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\36050fb6c8440bbb68171a4c6b1f35f0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:4420

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-4018855536-2201274732-320770143-1000\desktop.ini.tmp
Filesize
83KB

MD5
43a98e032ec4ffc070d1d1f39f445389

SHA1
2e895b91f0c2751d0cf48b57bedd155b46ac4eef

SHA256
e408f7294d64287a5a01537c66c4bd207730eebed18a679592acc68feec0b075

SHA512
7cc98c0e97424b3e700328068ae33182314bef9ce7d52f41df06a56dfcc54f8c1955e91866aa0cd8ad433725099d6dbfeb200330feac36c45cefcfd6e9073db8

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp
Filesize
182KB

MD5
a18abae0330697b85a6b053b05c6f2b0

SHA1
c7c2d0a857c7093335bd4b1855dec2e309647971

SHA256
153f976f5b62b0a46dfc5f7786329979de268daacdbc0172b43e4f95510e6c1c

SHA512
d958500fd3e4b49c04161bd94f802555e344a5044bc771ebd9b81504bf5b66935501ff59a2ddb84b457714245b92c299b095a798b4a3af0a1f494bf3c2ba56c2

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads